By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

There are various professional organizations, resources and certifications of potential interest to those who need to learn more about what's involved in securing, protecting, investigating and analyzing the evidence necessary to handle security incidents when they occur, and to prosecute individuals or groups alleged to have perpetrated computer-related crimes or attacks.

The community of individuals involved in such activities is quite interesting, and represents a real cross-section of investigators and analysts from law enforcement, military and classified communities along with full-time IT professionals charged with handling security incidents for their organizations.

All these groups share an abiding interest in information security, but law enforcement-types tend to look at things more in terms of gathering, securing and maintaining the evidence necessary to prosecute malefactors. Other professionals more often look at things in terms of causes, effects, remediation and cures. Both outlooks can benefit from understanding each other's primary concerns, interests and activities.

The roles involved when dealing with possible computer crimes, network break-ins, attacks and so forth, often include the following:

Incident response: Individual(s) identified in an organization's security policy charged with responding to and handling security incidents (and also, with involving law enforcement where required or necessary).

Incident remediation: Individual(s) charged by an incident-response team with repairing damage done, restoring lost data or services affected and with taking necessary steps to prevent recurrences.

Incident investigation: Individual(s), under the direction of a lead investigator, charged with identifying the cause(s) and perpetrator(s) of the incident and with gathering, protecting, maintaining and presenting evidence. This usually involves law enforcement professionals, only if the victim of an incident decides to pursue legal remedies, makes claims for lost income or property or seeks criminal prosecution.

Incident analysis: Individual(s) who examine the evidence related to the incident to establish a sequence of related events and to prepare a case against one or more perpetrators resulting from such analysis.

A number of certifications aim at the investigation or forensics (analysis of evidence) aspects of security incidents, including the following:

CCCI -- Certified Computer Crime Investigator (Basic and Advanced) The CCCI aims at law enforcement and IT professionals seeking to specialize in investigative matters. Basic requirements include two years of experience (or a college degree plus one year of experience), 18 months of investigations experience, 40 hours of computer crimes training and documented experience from at least 10 cases investigated. Advanced requirements bump experience to three years, four years of investigations, 80 hours of training and involvement as a lead investigator in 20 cases with involvement in over 60 cases overall. Source: High Tech Crime Network certifications

CCFT -- Certified Computer Forensics Technician (Basic and Advanced) The CCFT aims at law enforcement and private IT professionals seeking to specialize in forensics matters. Basic requirements include two years of experience (or a college degree plus one year of experience), 18 months of forensics experience, 40 hours of computer forensics training and documented experience from at least 10 cases investigated. Advanced requirements bump experience to three years, four years of investigations, 80 hours of training and involvement as a lead investigator in 20 cases with involvement in over 60 cases overall. Source: High Tech Crime Network certifications

CFCE -- Computer Forensic Computer Examiner The International Association of Computer Investigative Specialists (IACIS) offers this credential to law enforcement and industry personnel alike. Candidates must have broad knowledge, training or experience in computer forensics, including forensic procedures and standards, as well as ethical, legal and privacy issues. Certification includes both hands-on performance-based testing as well as a written exam. Source: Computer Forensic Certification

PCI -- Professional Certified Investigator A high-level certification from the American Society for Industrial Security for those who specialize in investigating potential cybercrimes. Thus, in addition to technical skills, this certification concentrates on testing individuals' knowledge of legal and evidentiary matters required to present investigations in a court of law, including case management, evidence collection and case presentation. Requires seven-to-nine years of investigation experience, with at least three years in case management (a bachelor's degree or higher counts for up to two years of such experience) and a clean legal record for candidates. Source: ASIS International Certification

In addition, most of the vendor-neutral security certifications and many of the vendor-specific programs include at least high-level coverage of the legal niceties and technical concepts involved in incident handling, investigation and analysis, as well as a high-level description of requirements for gathering, preserving and maintaining a well-documented chain of evidence that meets legal standards.

Likewise, numerous organizations and publications devote themselves to topics related to digital evidence -- which sits at the heart of investigations and forensics for both legal and technical reasons. The best of these include:

This is just the tip of a large collection of organizations, publications and professional associations devoted to dealing with this topic and its ramifications. A quick search at SearchSecurity.com illustrates that "computer forensics" returns a huge number of hits.

One more thing: Because law is practiced at international, federal, state and municipal levels, you will often find interest groups, training classes and resources on the subject of computer investigation and forensics within the information channels that these various levels offer to law enforcement professionals. Don't overlook the many offerings available from these sources, either -- particularly if you wish to work with or belong to the law enforcement community.

Please let me know if my discussion of certifications, organizations, and resources for those who patrol the boundaries between law enforcement omits anything important. I'm grateful for all input, suggestions, pointers, ideas, questions or comments. Feel free to e-mail me at etittel@lanw.com.

Ed Tittel is the president of LANWrights, Inc., a wholly owned subsidiary of iLearning.com. Tittel has been working in the computing industry for 20 years and has worked as a software developer, manager, writer and trainer. As an expert on SearchSecurity, he answers your infosec training and certification questions in our Ask the Expert feature.

E-Handbook

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy